Snort mailing list archives
Re: [!] WARNING: Truncated ICMP-UNREACH header (9 bytes)
From: Fyodor <fygrave () tigerteam net>
Date: Fri, 6 Jul 2001 02:22:42 +0700
On Thu, Jul 05, 2001 at 01:42:26PM -0500, Stephen C Burns wrote:
Hey all, I am running Snort v1.7 on a Linux machine running the 2.4.5 kernel on an IP-based network. I receive the following message in my syslog-ng and my Snort "alerts" file. A tcpdump on the binary formatted capture file reveals nothing! Any clues? Snort rocks. Thanks all! [!] WARNING: Truncated ICMP-UNREACH header (9 bytes)
According to rfc icmp unreach packet should be: ip header (20 bytes or more) + 8 bytes (icmp hader) + 64 bits (8 bytes) original datagram. In your case instead of last 16 bytes there were only 9 (8 -- icmp header + 1 byte of original datagram?) _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- [!] WARNING: Truncated ICMP-UNREACH header (9 bytes) Stephen C Burns (Jul 05)
- Re: [!] WARNING: Truncated ICMP-UNREACH header (9 bytes) Fyodor (Jul 05)
- RE: [!] WARNING: Truncated ICMP-UNREACH header (9 bytes) Stephen C Burns (Jul 05)
- Re: [!] WARNING: Truncated ICMP-UNREACH header (9 bytes) Fyodor (Jul 05)